Microsoft security alert.
September 10, 2024
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 74 vulnerabilities that were fixed in 11 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 11 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Internet Explorer Cumulative Security Update (KB5043049) for September 2024
- Severity
- Critical 4
- Qualys ID
- 100421
- Vendor Reference
- KB5043049
- CVE Reference
- CVE-2024-43461
- CVSS Scores
- Base 9 / Temporal 7.1
- Description
-
Internet Explorer is a web browser developed by Microsoft which is included in Microsoft Windows Operating Systems.
Microsoft has released KB5043049 for Internet Explorer 11 and 9.
Affected Versions:
Internet Explorer 11 on Windows Server 2012 R2, Windows Server 2008 R2, Windows Server 2012.
Internet Explorer 11 on Windows Server 2008.
Detection Logic: We are verifying the file version of "mshtml.dll".
- Consequence
-
Successful exploitation could compromise confidentiality, integrity and availability
- Solution
-
For more information, customers are advised to refer to KB5043049.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5043049
-
Microsoft SharePoint Server Security Update for September 2024
- Severity
- Urgent 5
- Qualys ID
- 110475
- Vendor Reference
- KB5002624, KB5002639, KB5002640
- CVE Reference
- CVE-2024-38018, CVE-2024-38227, CVE-2024-38228, CVE-2024-43464, CVE-2024-43466
- CVSS Scores
- Base 9 / Temporal 7.1
- Description
-
Microsoft has released the September 2024 security update to fix a remote code execution and a denial of service vulnerability in SharePoint Server versions 2016, 2019, and SharePoint Subscription Edition.
This security update contains the following KBs:
QID Detection Logic (Authenticated):
Operating System: Windows
- Consequence
-
Vulnerable SharePoint may be prone to Remote Code Execution and/or Denial of Service Vulnerabilities.
- Solution
-
Customers are advised to refer to the article(s):
CVE-2024-43466,
CVE-2024-38228,
CVE-2024-38227,
CVE-2024-43464,
and CVE-2024-38018 for more information regarding these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-38018
CVE-2024-38227
CVE-2024-38228
CVE-2024-43464
CVE-2024-43466
-
Microsoft Office Security Update for September 2024
- Severity
- Critical 4
- Qualys ID
- 110476
- Vendor Reference
- KB5002566, KB5002601, KB5002605, KB5002634, Office Click-2-Run and Office 365 Release Notes
- CVE Reference
- CVE-2024-38016, CVE-2024-38226, CVE-2024-38250, CVE-2024-43463, CVE-2024-43465
- CVSS Scores
- Base 7.2 / Temporal 5.6
- Description
-
Microsoft has released September 2024 security updates to fix Remote Code Execution, Security Feature Bypass and Elevation of Privilege vulnerabilities.
This security update contains the following:
KB5002566
KB5002605
KB5002601
KB5002634
and Office Click-2-Run and Office 365 Release Notes and
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.
Operating System: MacOS
This QID checks for the vulnerable versions of affected Office Applications.
Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
- Consequence
-
Vulnerable products may be prone to Remote Code Execution, Security Feature Bypass and/or Elevation of Privilege Vulnerabilities.
- Solution
-
Customers are advised to refer to these article(s):
CVE-2024-38226,
CVE-2024-43465,
CVE-2024-43463, and
CVE-2024-38250 for more information regarding these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-38226
CVE-2024-38250
CVE-2024-43463
CVE-2024-43465
-
Microsoft Azure CycleCloud Remote Code Execution (RCE) Vulnerability for September 2024
- Severity
- Critical 4
- Qualys ID
- 380468
- Vendor Reference
- CVE-2024-43469
- CVE Reference
- CVE-2024-43469
- CVSS Scores
- Base 7.5 / Temporal 5.5
- Description
-
Azure CycleCloud is an enterprise-friendly tool for orchestrating and managing High Performance Computing (HPC) environments on Azure.
An authenticated attacker with Azure CycleCloud instance command execution capabilities might send a specially crafted request to return storage account credentials and runtime data.
Affected Software:
Azure CycleCloud from 8.0.0 prior to 8.0.3
Azure CycleCloud from 8.1.0 prior to 8.1.2
Azure CycleCloud from 8.2.0 prior to 8.2.3
Azure CycleCloud 8.3.0
Azure CycleCloud from 8.4.0 prior to 8.4.3
Azure CycleCloud 8.5.0
Azure CycleCloud 8.6.0 prior to 8.6.4
QID Detection Logic (Authenticated):
On Linux, this authenticated QID flags vulnerable versions of Azure CycleCloud.
- Consequence
-
Successful exploitation of this vulnerability could enable remote code execution to be performed on any cluster in the CycleCloud instance.
- Solution
-
Customers are advised to refer to CVE-2024-43469 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-43469
-
Microsoft SQL Server Multiple Vulnerabilities for September 2024
- Severity
- Critical 4
- Qualys ID
- 380469
- Vendor Reference
- CVE-2024-26186, CVE-2024-26191, CVE-2024-37335, CVE-2024-37337, CVE-2024-37338, CVE-2024-37339, CVE-2024-37340, CVE-2024-37341, CVE-2024-37342, CVE-2024-37965, CVE-2024-37966, CVE-2024-37980, CVE-2024-43474
- CVE Reference
- CVE-2024-26186, CVE-2024-26191, CVE-2024-37335, CVE-2024-37337, CVE-2024-37338, CVE-2024-37339, CVE-2024-37340, CVE-2024-37341, CVE-2024-37342, CVE-2024-37965, CVE-2024-37966, CVE-2024-37980, CVE-2024-43474
- CVSS Scores
- Base 10 / Temporal 7.4
- Description
-
Microsoft has released a security update to address Remote code execution, Information disclosure, and Privilege escalation vulnerabilities in SQL Server.
Affected Software:
Microsoft SQL Server 2017 for x64-based Systems (CU 31)
Microsoft SQL Server 2019 for x64-based Systems (CU 28)
Microsoft SQL Server 2022 for x64-based Systems (CU 14)
Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR)
Microsoft SQL Server 2017 for x64-based Systems (GDR)
Microsoft SQL Server 2019 for x64-based Systems (GDR)
Microsoft SQL Server 2022 for x64-based Systems (GDR)
QID Detection Logic (Authenticated):
On Windows, this QID checks for vulnerable versions of SQL Server via the registry keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft SQL Server and HKEY_LOCAL_MACHINE\WOW6432Node\SOFTWARE\Microsoft SQL Server and the related subkeys for SQL Server.
- Consequence
-
Successful exploitation may lead to remote code execution, information disclosure, and privilege escalation.
- Solution
-
Refer to
CVE-2024-37341
CVE-2024-37980
CVE-2024-37965
CVE-2024-43474
CVE-2024-26191
CVE-2024-26186
CVE-2024-37342
CVE-2024-37337
CVE-2024-37339
CVE-2024-37340
CVE-2024-37335
CVE-2024-37966
CVE-2024-37338
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-26186
CVE-2024-26191
CVE-2024-37335
CVE-2024-37337
CVE-2024-37338
CVE-2024-37339
CVE-2024-37340
CVE-2024-37341
CVE-2024-37342
CVE-2024-37965
CVE-2024-37966
CVE-2024-37980
CVE-2024-43474
-
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability September 2024
- Severity
- Critical 4
- Qualys ID
- 380470
- Vendor Reference
- CVE-2024-43492
- CVE Reference
- CVE-2024-43492
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them.
Affected Software:
Microsoft AutoUpdate Version prior to 4.72
QID Detection Logic (Authenticated):
The authenticated check looks for installed Mac packages.
- Consequence
-
An attacker who already has the ability to execute code on a system and who successfully exploits the vulnerability could elevate privileges.
- Solution
-
Users are advised to check CVE-2024-43492 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-43492
-
Microsoft Dynamics Business Central Elevation of Privilege Vulnerability for Sep 2024
- Severity
- Critical 4
- Qualys ID
- 92168
- Vendor Reference
- CVE-2024-38225
- CVE Reference
- CVE-2024-38225
- CVSS Scores
- Base 8 / Temporal 5.9
- Description
-
Microsoft Dynamics 365 Business Central is an enterprise resource planning system from Microsoft. The product is part of the Microsoft Dynamics family, and shares the same codebase as NAV.
CVE-2024-38225: Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability.
Affected Software:
Microsoft Dynamics 365 Business Central 2024 Release Wave 1 - Update
Microsoft Dynamics 365 Business Central 2023 Release Wave 2 - Update
Microsoft Dynamics 365 Business Central 2023 Release Wave 1 - Update
QID Detection Logic (Authenticated):
This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.Dynamics.Nav.Server.exe.
- Consequence
-
Successful exploit could compromise Confidentiality, Integrity and Availability
- Solution
-
Customers are advised to refer to CVE-2024-38225 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-38225
-
Microsoft Windows Security Update for September 2024
- Severity
- Critical 4
- Qualys ID
- 92169
- Vendor Reference
- KB5040438, KB5040442, KB5042880, KB5042881, KB5043049, KB5043050, KB5043051, KB5043055, KB5043064, KB5043067, KB5043076, KB5043080, KB5043083, KB5043087, KB5043092, KB5043125, KB5043129, KB5043135, KB5043138
- CVE Reference
- CVE-2024-21416, CVE-2024-30073, CVE-2024-38014, CVE-2024-38045, CVE-2024-38046, CVE-2024-38119, CVE-2024-38217, CVE-2024-38230, CVE-2024-38231, CVE-2024-38232, CVE-2024-38233, CVE-2024-38234, CVE-2024-38235, CVE-2024-38236, CVE-2024-38237, CVE-2024-38238, CVE-2024-38239, CVE-2024-38240, CVE-2024-38241, CVE-2024-38242, CVE-2024-38243, CVE-2024-38244, CVE-2024-38245, CVE-2024-38246, CVE-2024-38247, CVE-2024-38248, CVE-2024-38249, CVE-2024-38250, CVE-2024-38252, CVE-2024-38253, CVE-2024-38254, CVE-2024-38256, CVE-2024-38257, CVE-2024-38258, CVE-2024-38259, CVE-2024-38260, CVE-2024-38263, CVE-2024-43454, CVE-2024-43455, CVE-2024-43457, CVE-2024-43458, CVE-2024-43461, CVE-2024-43467, CVE-2024-43475, CVE-2024-43487, CVE-2024-43495
- CVSS Scores
- Base 10 / Temporal 7.8
- Description
-
Microsoft Windows Security Update - September 2024
KB5043050
KB5042881
KB5042880
KB5043067
KB5043064
KB5043076
KB5043080
KB5043083
KB5043051
KB5043055
KB5043138
KB5043135
KB5043087
KB5043129
KB5043092
KB5043125
KB5043049
KB5040442
KB5040438
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
- Consequence
-
Successful exploit could compromise Confidentiality, Integrity and Availability
- Solution
-
Please refer to the following KB Articles associated with the update:
KB5043050
KB5042881
KB5042880
KB5043067
KB5043064
KB5043076
KB5043080
KB5043083
KB5043051
KB5043055
KB5043138
KB5043135
KB5043087
KB5043129
KB5043092
KB5043125
KB5043049
KB5040442
KB5040438
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5040438
KB5040442
KB5042880
KB5042881
KB5043049
KB5043050
KB5043051
KB5043055
KB5043064
KB5043067
KB5043076
KB5043080
KB5043083
KB5043087
KB5043092
KB5043125
KB5043129
KB5043135
KB5043138
-
Microsoft Dynamics 365 (On-Premises) Cross-Site Scripting (XSS) Vulnerability for September 2024
- Severity
- Critical 4
- Qualys ID
- 92170
- Vendor Reference
- CVE-2024-43476
- CVE Reference
- CVE-2024-43476
- CVSS Scores
- Base 7.5 / Temporal 5.5
- Description
-
Microsoft Dynamics 365 is a product line of enterprise resource planning and customer relationship management intelligent business applications.
Affected Software:
Microsoft Dynamics CRM (on-premises) version 9.1
QID Detection Logic (Authenticated):
This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.Crm.Setup.Server.exe.
- Consequence
-
The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site. The user would have to click on a specially crafted URL to be compromised by the attacker.
- Solution
-
Customers are advised to refer to CVE-2024-43476 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-43476
-
Microsoft Power Automate Desktop Remote Code Execution Vulnerability
- Severity
- Critical 4
- Qualys ID
- 92171
- Vendor Reference
- CVE-2024-43479
- CVE Reference
- CVE-2024-43479
- CVSS Scores
- Base 7.1 / Temporal 5.3
- Description
-
Power Automate allows you to automate web and desktop applications on your Windows desktop by mimicking the user interface actions like clicks, and keyboard input.
Power Automate for Desktop Affected Versions:
Versions starting from 2.41 up to but not including 2.41.178.24249.
Versions starting from 2.42 up to but not including 2.42.331.24249.
Versions starting from 2.43 up to but not including 2.43.249.24249.
Versions starting from 2.44 up to but not including 2.44.55.24249.
Versions starting from 2.45 up to but not including 2.45.404.24249.
Versions starting from 2.46 up to but not including 2.46.181.24249.
Versions starting from 2.47 up to but not including 2.47.119.24249.
QID Detection Logic (Authenticated):
The QID checks for vulnerable version of Windows Power Automate for Desktop by checking the file version of "PAD.AutomationServer.exe".
- Consequence
- An attacker who effectively exploits this vulnerability can remotely execute arbitrary Desktop Flows scripts within an active Windows session of the targeted user.
- Solution
-
For more information, customers are advised to refer to CVE-2024-43479.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-43479
-
Microsoft Windows Update Remote Code Execution (RCE) Vulnerability September 2024
- Severity
- Critical 4
- Qualys ID
- 92172
- Vendor Reference
- CVE-2024-43491
- CVE Reference
- CVE-2024-43491
- CVSS Scores
- Base 10 / Temporal 7.8
- Description
-
Microsoft Windows is affected by a remote code execution vulnerability.
Affected products:
KB5043083
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
- Consequence
-
Successful exploit could compromise Confidentiality, Integrity and Availability
- Solution
-
Please refer to the following KB Articles associated with the update:
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-43491
These new vulnerability checks are included in Qualys vulnerability signature 2.6.137-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 100421
- 110475
- 110476
- 380468
- 380469
- 380470
- 92168
- 92169
- 92170
- 92171
- 92172
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.